Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems

A multi-stage email campaign uses weaponized PDF invoices to deliver a Java-based remote access trojan (RAT). Because the payload needs only a Java Runtime Environment (JRE), the same malware runs on Windows, Linux, and macOS hosts that have Java installed. The campaign relies on evasion techniques such as geofencing and abuse of legitimate domains and services to slip past email and web defenses and obtain remote access. (Affected: organizations on any of these platforms whose users have a JRE installed and can open the lure.)

Key points:

  • The attack begins with fraudulent invoice emails that pass SPF validation, so they are not rejected on that basis, and that trick recipients into clicking malicious links.
  • The weaponized PDFs prompt the user to interact, which starts a multi-stage infection chain staged on legitimate file-sharing platforms.
  • The delivered malware is RATty, a Java-based remote access tool that can execute commands and exfiltrate data.
  • Evasion measures include geofencing, URL masking through Ngrok tunnels, and decoy content served to security scanners.
  • Because the RAT is a Java application, one payload runs on any operating system with a JRE, so a single campaign targets Windows, Linux, and macOS.
  • Geolocation filtering serves different payloads depending on the visitor's location, so targeted users receive the malware while visitors outside the target region (including many analysis systems) receive something harmless.
  • The campaign illustrates the growing sophistication of malware delivery, combining social engineering with technical deception to bypass security defenses.
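The first key point above says the lure mail passes SPF. An SPF pass only proves the sending server is authorized for the envelope (Return-Path) domain; it says nothing about the domain shown in the From: header the recipient actually reads. The following is an added example, not code from the article or from the researchers it cites, of the triage check a mail team can run to catch exactly that gap: flag messages where SPF passes but the envelope domain is not aligned with the From: domain (the alignment test DMARC performs). The article does not say how this campaign's mail passed SPF, so modelling it as an attacker-controlled envelope domain is an assumption, and the three messages below are constructed for the example.

```python
"""Added example: flag mail where SPF passes but the envelope sender domain
is not aligned with the visible From: domain.  The headers below are
constructed for this example; the campaign's actual sending setup is not
described on the page, so the unaligned-envelope scenario is an assumption."""
import re
from email import message_from_string
from email.utils import parseaddr

# Tiny illustrative set of multi-label public suffixes; a real deployment
# would use the full Public Suffix List (assumption for the example).
PUBLIC_SUFFIXES = {"co.uk", "com.au"}


def org_domain(domain):
    """Reduce a domain to its organizational domain (relaxed DMARC alignment)."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in PUBLIC_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def spf_result(msg):
    """Read the SPF verdict from Authentication-Results, else Received-SPF."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bspf=(\w+)", hdr)
        if m:
            return m.group(1).lower()
    rspf = msg.get("Received-SPF")
    if rspf:
        return rspf.split()[0].lower()
    return "none"


def classify(raw_message):
    """Return 'spf-aligned', 'spf-pass-unaligned' or 'spf-fail-or-missing'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    spf = spf_result(msg)
    aligned = bool(from_domain) and org_domain(from_domain) == org_domain(env_domain)
    if spf == "pass" and aligned:
        return "spf-aligned"
    if spf == "pass":
        return "spf-pass-unaligned"   # SPF is true but for the wrong domain
    return "spf-fail-or-missing"


# Constructed sample messages (not real mail from the campaign).
SAMPLES = {
    # Legitimate invoice: envelope and From: share an organizational domain.
    "legit": (
        "Return-Path: <ar@acmecorp.example>\n"
        "Authentication-Results: mx.example; spf=pass smtp.mailfrom=acmecorp.example\n"
        "From: \"Acme Accounts\" <ar@acmecorp.example>\n"
        "Subject: Invoice 1042\n\nPlease find the invoice attached.\n"
    ),
    # Lure: SPF passes for an attacker-controlled envelope domain while the
    # From: header impersonates the victim's supplier.
    "lure": (
        "Return-Path: <bounce@invoices-delivery.example>\n"
        "Authentication-Results: mx.example; spf=pass smtp.mailfrom=invoices-delivery.example\n"
        "From: \"Acme Accounts\" <ar@acmecorp.example>\n"
        "Subject: Overdue invoice 4471\n\nDownload your invoice here.\n"
    ),
    # Plain forgery that SPF already catches.
    "forged": (
        "Return-Path: <ar@acmecorp.example>\n"
        "Received-SPF: fail (mx.example: 203.0.113.9 is not permitted)\n"
        "From: \"Acme Accounts\" <ar@acmecorp.example>\n"
        "Subject: Invoice 9001\n\nSee attachment.\n"
    ),
}


def triage_all(samples=SAMPLES):
    """Classify every sample; only 'spf-aligned' mail should pass silently."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:7s} -> {verdict}")
```

Messages that come back `spf-pass-unaligned` are the ones a bare SPF check waves through; they deserve the same quarantine-or-review treatment as an SPF failure, especially when the subject or attachment is an invoice.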

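The third and fifth key points make the cross-platform angle: one Java archive runs wherever a JRE exists. The flip side for defenders is that the same hunt works on every platform: look for the Java runtime being launched with `-jar` against an archive in a user-writable or temporary location, which is where a phishing-delivered payload lands. The block below is an added example, not code from the article, and the article does not describe how RATty is actually started, so the JAR-in-Downloads heuristic, the directory markers, and the process-creation records it scans are all assumptions constructed here.

```python
"""Added example: hunt process-creation telemetry for the Java runtime
launched with -jar against an archive in a user-writable or temporary
directory, on Windows, Linux and macOS alike.  The heuristic and the
sample events are assumptions for this example, not details from the article."""
import re

# Capture the argument after -jar, quoted or bare.
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Path fragments (after normalizing to lowercase forward slashes) that mark
# locations a phishing payload would plausibly be written to.  Assumed list.
USER_WRITABLE = (
    "/downloads/",           # browser / mail client downloads, all OSes
    "/desktop/",
    "/tmp/",                 # Linux and macOS temp
    "/var/folders/",         # macOS per-user temp
    "/appdata/local/temp/",  # Windows %TEMP%
    "/appdata/roaming/",
)

JAVA_IMAGES = {"java", "java.exe", "javaw", "javaw.exe"}


def normalize(path):
    return path.replace("\\", "/").lower()


def jar_from_cmdline(cmdline):
    """Return the JAR path passed with -jar, or None if there is none."""
    m = JAR_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_java_image(image):
    return normalize(image).rsplit("/", 1)[-1] in JAVA_IMAGES


def is_suspicious(event):
    """True when a Java runtime runs a JAR from a user-writable location."""
    if not is_java_image(event["image"]):
        return False
    jar = jar_from_cmdline(event["cmdline"])
    if jar is None:
        return False
    return any(marker in normalize(jar) for marker in USER_WRITABLE)


def hunt(events):
    """Return (host, jar_path) for every suspicious launch, in input order."""
    return [(e["host"], jar_from_cmdline(e["cmdline"])) for e in events if is_suspicious(e)]


# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "os": "windows",
     "image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "cmdline": r'"C:\Program Files\Java\jre\bin\javaw.exe" -jar "C:\Users\bob\AppData\Local\Temp\Invoice_4471.jar"'},
    {"host": "mac-07", "os": "macos",
     "image": "/usr/bin/java",
     "cmdline": "/usr/bin/java -jar /Users/bob/Downloads/Invoice.pdf.jar"},
    {"host": "srv-03", "os": "linux",
     "image": "/usr/lib/jvm/java-17/bin/java",
     "cmdline": "/usr/lib/jvm/java-17/bin/java -Xmx2g -jar /opt/app/server.jar"},   # benign service
    {"host": "dev-11", "os": "linux",
     "image": "/usr/bin/java",
     "cmdline": "java -jar /tmp/.cache/invoice.jar"},
    {"host": "dev-11", "os": "linux",
     "image": "/usr/bin/python3",
     "cmdline": "python3 -m http.server"},   # not Java at all
]


if __name__ == "__main__":
    for host, jar in hunt(SAMPLE_EVENTS):
        print(f"{host}: Java launched JAR from user-writable path: {jar}")
```

A benign server JAR under `/opt` is left alone, while archives under a temp folder or Downloads on any of the three platforms are flagged. Pair the hit with the parent process (a browser, mail client, or PDF reader spawning Java is far more telling than a terminal doing so) before escalating.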
Read More: https://cybersecuritynews.com/hackers-weaponizing-pdf-invoices/